Detailed Description

A web engine URL scheme describes a URL scheme from the web engine's perspective, specifying how URLs of this scheme should be parsed, and which security restrictions should be placed on resources originating from such URLs.

Custom URL schemes must be configured early at application startup, before creating any Qt WebEngine classes. In general this means the schemes need to be configured before a QGuiApplication or QApplication instance is created.

Every registered scheme configuration applies globally to all profiles.

Member Type Documentation

enum QWebEngineUrlScheme::Flagflags QWebEngineUrlScheme::Flags

This enum type specifies security options that should apply to a URL scheme.

Constant

Value

Description

QWebEngineUrlScheme::SecureScheme

0x1

Indicates that the URL scheme is potentially trustworthy. This flag should only be applied to URL schemes which ensure data authenticity, confidentiality, and integrity, either through encryption or other means. Examples of secure builtin schemes include https (authenticated and encrypted) and qrc (local resources only), whereas http is an example of an insecure scheme.

QWebEngineUrlScheme::LocalScheme

0x2

Indicates that the URL scheme provides access to local resources. The purpose of this flag is to prevent network content from accessing local resources. Only schemes with the LocalAccessAllowed flag may load resources from a scheme with the Local flag. The only builtin schemes with this flag are file and qrc.

QWebEngineUrlScheme::LocalAccessAllowed

0x4

Indicates that content from this scheme should be allowed to load resources from schemes with the Local flag.

QWebEngineUrlScheme::NoAccessAllowed

0x8

Indicates that all content from this scheme should be forced to have unique opaque origins: no two resources will have the same origin.

QWebEngineUrlScheme::ServiceWorkersAllowed

0x10

Indicates that the Service Workers API should be enabled.

QWebEngineUrlScheme::ViewSourceAllowed

0x20

Indicates that the View Source feature should be enabled.

QWebEngineUrlScheme::ContentSecurityPolicyIgnored

0x40

Indicates that accesses to this scheme should bypass all Content-Security-Policy checks.

The Flags type is a typedef for QFlags<Flag>. It stores an OR combination of Flag values.

enum QWebEngineUrlScheme::SpecialPort

enum QWebEngineUrlScheme::Syntax

This enum type lists types of URL syntax.

To apply the same-origin policy to a custom URL scheme, WebEngine must be able to compute the origin (host and port combination) of a URL. The Host... options indicate that the URL scheme conforms to the standard URL syntax (like http) and automatically enable the same-origin policy. The Path option indicates that the URL scheme uses a non-standard syntax and that the same-origin policy cannot be applied.

Constant

Value

Description

QWebEngineUrlScheme::HostPortAndUserInformation

0

The authority component of a URL of this type has all of the standard elements: host, port, user name, and password. A URL without a port will use the defaultPort (which must not be PortUnspecified).

QWebEngineUrlScheme::HostAndPort

1

The authority component of a URL of this type has only the host and port elements. A URL without a port will use the defaultPort (which must not be PortUnspecified).

A URL of this type has no authority component at all. Everything after scheme name and separator character (:) will be preserved as is without validation or canonicalization. All URLs of such a scheme will be considered as having the same origin (unless the NoAccessAllowed flag is used).